Ken O'Flynn (Cork North-Central, Independent Ireland Party)
Link to this: Individually | In context

231. To ask the Tánaiste and Minister for Justice and Equality if any directive has been issued to State agencies, local authorities or public bodies regarding the use of Chinese-manufactured surveillance equipment (details supplied) within State premises or public infrastructure; and if he will make a statement on the matter. [55936/25]

Ken O'Flynn (Cork North-Central, Independent Ireland Party)
Link to this: Individually | In context

232. To ask the Tánaiste and Minister for Justice and Equality to confirm whether the National Cyber Security Centre has issued any guidance to Departments or local authorities concerning cybersecurity and data-security risks arising from Chinese suppliers; and if he will make a statement on the matter. [55937/25]

Jim O'Callaghan (Dublin Bay South, Fianna Fail)
Link to this: Individually | In context

I propose to take Questions Nos. 231 and 232 together.

I am informed that the National Cyber Security Centre (NCSC) has published detailed guidelines for use by Public Sector Bodies when planning procurement of ICT goods and services. These guidelines address a range of cybersecurity domains including supply chain security.

The NCSC has also recently published, in draft form, ‘NIS2 Risk Management Measures Guidance’, which is intended as recommendations for those within scope of the NIS2 Directive in the State. This Directive will be transposed into national law in the forthcoming National Cyber Security Bill which will introduce legal obligations to meet certain requirements which are intended to ensure that essential and important entities take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems. The Risk Management Measures set out actions related to the implementation, operation, and maintenance of an organisation-approved network and information system supply chain policy that includes security related aspects.

In addition, the NCSC is a member of the EU-led NIS2 working group that is tasked with drafting an EU ICT Supply Chain Toolbox. This vendor agnostic Toolbox will take into account the need to assess the risk profile of suppliers based on several factors, such as the likelihood of the supplier being subject to interference from a third country, the supplier’s ability to assure supply and the overall quality of products and cybersecurity practices of the supplier. Publication of the EU ICT Supply Chain Security Toolbox is expected before the end of the year.